Merge branch 'docker_image_branch' into 'develop'

Docker image branch See merge request !21

Merge branch 'docker_image_branch' into 'develop'
e6847f7f · (INACTIVE) Marcel Bajdel (new marcel.bajdel) · a12fa1b3 · 9c3f9d14 · e6847f7f · e6847f7f
Commit e6847f7f authored 1 year ago by (INACTIVE) Marcel Bajdel (new marcel.bajdel)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
-stages:       
-   # List of stages for jobs, and their order of execution
-  - build_branch # creates tarball of branch image
-  - branch_scan # Scan the tarball with trivy
-  - check_branch_image # Check whether the image is properly built
-  - build_develop  # builds when the merge request is made into development branch
-  - test_latest # tests when the image with tag latest is pushed
-  - build_tag  # builds when the tag is pushed
-  - test_tag  # tests when the tag is pushed
-  - trigger_pipeline # Triggering other pipeline
-
-build_branch:  # Creating tarball for the each branch in the repository
-  stage: build_branch
-  image: 
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  script:
-    - mkdir tar_images
-    # specify auths for kaniko executor
-    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-    # if the image does not exist and there are changes (excluding README.md), build it
-    - /kaniko/executor --context $CI_PROJECT_DIR --no-push --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_BRANCH --tarPath $CI_PROJECT_DIR/tar_images/$CI_COMMIT_BRANCH.tar
-  artifacts:
-    paths:
-      - tar_images
-    when: on_success
-    expire_in: 10 minutes
-  rules:
-    - if: '$CI_COMMIT_BRANCH == "develop" || $CI_COMMIT_BRANCH == "main"'
-      when: never
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop"'
-      when: never
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "release"'
-      when: never
-    - exists:
-        - $CI_COMMIT_BRANCH
-    - changes:
-        - README.md
-      when: never
-    - changes:
-        - '*'
-branch_scan: # Scan the tarball with trivy
-  stage: branch_scan
-  image:
-    name: docker.io/aquasec/trivy:latest
-    entrypoint: [""]
-  script:
-    - mkdir scan_result
-    - cd tar_images
-    - trivy image --timeout 15m --offline-scan --input $CI_COMMIT_BRANCH.tar -f json -o ../scan_result/$CI_COMMIT_BRANCH.json --severity CRITICAL
-  artifacts:
-    paths:
-      - scan_result # scan results
-    when: on_success
-    expire_in: 10 minutes
-  rules:
-    - if: '$CI_COMMIT_BRANCH == "develop" || $CI_COMMIT_BRANCH == "main"'
-      when: never
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop"'
-      when: never
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "release"'
-      when: never
-    - exists:
-        - $CI_COMMIT_BRANCH
-    - changes:
-        - README.md
-      when: never
-    - changes:
-        - '*'
-check_branch_image: # check for vulnerabilities and validate with crane
-  stage: check_branch_image
-  image:
-    name: gcr.io/go-containerregistry/crane:debug
-    entrypoint: [""]
-  script:
-    - cd tar_images
-    - file_name=${CI_COMMIT_REF_NAME} # Assuming you want to use the branch name
-    - vulnerabilities=$(awk -F '[:,]' '/"Vulnerabilities"/ {gsub("[[:blank:]]+", "", $2); print $2}' "../scan_result/${file_name}.json")
-    - |
-      if [ -n "$vulnerabilities" ]; then
-        echo "There are security issues with the image ${file_name}.Dockerfile. Image is not pushed to registry!"
-        echo "Vulnerabilities found in ${file_name}.Dockerfile are: $vulnerabilities" > docker_latest_image.txt
-        crane validate --tarball "$file_name.tar"
-        echo "false" > docker_latest_image.txt
-        exit 1
-      else
-        echo "There are no security issues with the image ${file_name}.Dockerfile."
-        crane validate --tarball "$file_name.tar"
-        echo "true" > docker_latest_image.txt
-      fi
-  artifacts:
-    paths: # save the results 
-      - tar_images
-  rules:
-    - if: '$CI_COMMIT_BRANCH == "develop" || $CI_COMMIT_BRANCH == "main"'
-      when: never
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop"'
-      when: never
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "release"'
-      when: never
-    - exists:
-        - $CI_COMMIT_BRANCH
-    - changes:
-        - README.md
-      when: never
-    - changes:
-        - '*'
-
-build_develop: # This build will run at the merge to develop
-  stage: build_develop 
-  image: 
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  script:
-    # specify auths for kaniko executor
-    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-    # build the image with tag latest if the merge request is made into main
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:latest
-  rules:
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop"'
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "release"'
-      when: never
-    - changes:
-        - README.md
-      when: never
-
-test_latest: # This test will run only for tag latest
-  stage: test_latest
-  image:
-    name: gcr.io/go-containerregistry/crane:debug
-    entrypoint: [""]
-  script:
-    # specify auths for crane executor
-    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-    # validate the image with tag latest
-    - if ! crane validate --remote $CI_REGISTRY_IMAGE:latest; then exit 1; fi > test_latest.log
-  artifacts:
-    paths:
-      - test_latest.log
-  rules:
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop"'
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "release"'
-      when: never
-    - changes:
-        - README.md
-      when: never
-
-build_tag: # This build will run only for tags
-  stage: build_tag
-  image: 
-    name: gcr.io/kaniko-project/executor:debug
-    entrypoint: [""]
-  only: # build only if a new tag is made
-    - tags
-  script:
-    # specify auths for kaniko executor  
-    - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json
-    # if the image does not exist, build it with the added tag
-    - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --destination $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
-
-test_tag: # This test will run only for tags
-  stage: test_tag
-  image:
-    name: gcr.io/go-containerregistry/crane:debug
-    entrypoint: [""]
-  only:
-    - tags
-  script:
-    # specify auths for crane executor
-    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
-    # validate the image with tag latest
-    - if ! crane validate --remote $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME; then exit 1; fi > test_tag.log
-  artifacts:
-    paths:
-      - test_tag.log
-
-trigger_pipeline:
-  stage: trigger_pipeline
-  script:
-    - apt-get update -qy
-    - apt-get install -y curl
-    - 'curl --request POST --form "token=glptt-eb00396b920d3a6043997b78714990b1fa0063ea" --form ref=pipeline_branch https://codebase.helmholtz.cloud/api/v4/projects/9922/trigger/pipeline'
-  rules:
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop"'
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main" || $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "release"'
-      when: never
-    - changes:
-        - README.md
-      when: never
-  needs:
-    - test_latest
-
+include: #including the .gitlab-ci.yml from the hzb/docker-image-ci repository
+  - project: 'hzb/docker-image-ci'
+    ref: main
+    file: '.gitlab-ci.yml'
\ No newline at end of file
--- a/Dockerfile
+++ b/Dockerfile
@@ -22,6 +22,7 @@ ENV SRC_LOCATION=/opt/src
 # install build tools and utilities
 RUN apt-get update -y && apt-get upgrade -y && \
    apt-get install -y --no-install-recommends \
+#    locales \   
    ca-certificates \
    build-essential \
    busybox \
@@ -40,8 +41,13 @@ RUN apt-get update -y && apt-get upgrade -y && \
 ## create download repository
    && mkdir /opt/src \
    && mkdir /opt/epics \
-    && mkdir /opt/epics/base
-
+    && mkdir /opt/epics/base    
+## setting up the locale
+#RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && \
+#    locale-gen
+#ENV LANG en_US.UTF-8  
+#ENV LANGUAGE en_US:en  
+#ENV LC_ALL en_US.UTF-8

 # Clone the conf files into the docker container
 RUN git clone --depth 1 --recursive --branch R7.0.7 https://github.com/epics-base/epics-base.git ${SRC_LOCATION}